rec avatar image
rec asked

What to do if the access token expires

now, my cloud service has a bug that user's access token may be missing sometimes, so when I can‘t find the token I will return a 'EXPIRED_AUTHORIZATION_CREDENTIAL' message, I think this message will let Alexa get the new token.but it doesn't work.

alexa skills kitalexa smart home
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Anand@Amazon avatar image
Anand@Amazon answered

It depends whether you are using oauth2 or implicit grant. If you are using oauth then with access token authorization server also provide refresh token which can be used to get the access token once it get expired. For implicit grant if access token is expired you have to initiate the login process again to get the access token.

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

I use Oauth2 and set the expires_in = 3600, thus the token will be expired after an hour.But before the token is expired I may return an 'EXPIRED_AUTHORIZATION_CREDENTIAL' error message, will this work? for example,

  • at 5 am I return '{"expires_in":3600,"refresh_token":"5a","access_token":"5a"}' .
  • at 5:20 am user do a turnOn request and I return a 'expired token' error to alexa,

will alexa refresh the token before user's next request?

0 Likes 0 ·

Hi rec,

Sorry for late response. Here are the details:

Your authorization server needs to provide an access token that uniquely identifies a user in your system.

For authorization code grant, the Alexa service calls your authorization server (specified as the Access Token URI in the developer portal) and passes the code and client credentials. The authorization server must return the access token and an optional refresh token. Although the refresh token is optional, it is recommended if your access token expires. The Alexa service can use the refresh token to get a new access token when the previous one expires, without disrupting the end user.

0 Likes 0 ·

My authorization has returned to refresh the token, but Alexa has not refreshed, or shall I tell Alexa token to expire? Or Alexa doesn't refresh, but I want to refresh it?

0 Likes 0 ·
Show more comments

is this issue resolved? How are you forcing Alexa Service to do a refresh token?

0 Likes 0 ·

Whenever you perform account linking for first time authorization server send refresh token and access token. Access token you can retrieve in lambda code but Alexa platform take care of refresh token and when access token about to get expired Alexa generate new access token using refresh token.

Start creating access token with less expiration time then you can force refresh token to work.

0 Likes 0 ·